Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

EU, U.S. Privacy Shield Deal Greeted With Claims It's Meaningless

NEWS ANALYSIS: Many see the agreement as a way to keep data flowing smoothly between the two continents while keeping the issue of data transfer privacy away from European courts.

When the European Commission announced on Feb. 2 the agreement with the United States on how the two U.S. and European Union member nations would handle international data transfers while protecting their privacy, it was hailed as a breakthrough.

But even at the time there were questions about exactly what was agreed to, how it would be enforced and when an official written agreement would see the light of day.

Since then, there has been a lot of public comment that the Privacy Shield, as it's called, is likely meaningless rather than the great negotiation breakthrough as the parties to the talks described it.

Much of the reason its importance is questioned is because there's really nothing to show in terms of an official document and that even the verbal framework that's been worked out will certainly be modified many times in the months or years before a draft is ready for ratification by the various parties.

Further reading

But there's also a suspicion that the verbal agreement, along with the annual certifications it contains, is more intended to keep European courts from getting involved than to lock in any real improvement in data privacy.

"It doesn't have any teeth anyway," said Teresa Schoch, associate director of the Berkeley Research Group, where she's an expert in data governance. She sees the Privacy Shield agreement as a delaying action to provide time for EU member nations to approve a new set of data privacy regulations.

The General Data Protection Regulation (GDPR), as it's named, has to be ratified by each of the EU member states, which could take another year and a half at least.

The means that the proposed Privacy Shield is nothing more than "a way to say 'we're working on this,' but it's not doing anything but getting things in line for when the new regulation goes into effect," Schoch said.

"No one expects anything in writing for months," she said. "Some nations won't think [the Privacy Shield] is stringent enough, so it will be in limbo for a while."

Schoch said that about 4,400 companies were covered under the previous Safe Harbor agreement that was struck down by the European Courts of Justice last year. Half of those companies don't even realize that Safe Harbor no longer exists and the other half don't know what to do in terms of data protection while the agreement is still being worked out, she said.

Adding to the complexity of the agreement between the EU and the U.S. is the problem that it must be consistent with the new data protection laws being drafted in Europe independent of the Privacy Shied agreement.

This means that the official Privacy Shield agreement, once it's drafted, must be in compliance with the GDPR as ratified by the EU states, adding another layer of uncertainty.